
Bug in LDAP_CONTROL_PROXY_AUTHZ (ITS#2871)



Full_Name: Igor Brezac
Version: 2.1.25
OS: Solaris 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (209.170.142.3)


LDAP_CONTROL_PROXY_AUTHZ does not set mech, which may create problems for some
SASL configurations.  Here is my example.

sasl-regexp     uid=(.*),cn=(.*),cn=(.*),cn=auth
            associateddomain=$2+cn=$1,ou=people,o=pb

sasl-regexp     uid=(.*),cn=(.*),cn=auth
            cn=$1,ou=people,ou=admin,o=pb

If the first sasl-regexp is not present, the second one would fail as well.

==>slap_sasl2dn: converting SASL name uid=igor,cn=ipass.net,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=igor,cn=ipass.net,cn=auth
slap_sasl_regexp: converted SASL name to cn=igor,ou=people,ou=admin,o=pb

I expected something like (from ldapwhoami cmd tool):

<<< dnNormalize: <uid=pino,cn=ipass.net,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=igor,cn=ipass.net,cn=digest-md5,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=igor,cn=ipass.net,cn=digest-md5,cn=auth
slap_sasl_regexp: converted SASL name to associateddomain=ipass.net+cn=igor,ou=people,o=pb
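
Added illustration, not part of the original report and not OpenLDAP code: a small Python model of the two sasl-regexp rules above, showing how the SASL name without the mech component skips the first rule and is mapped into ou=admin instead. It assumes rules are tried in configuration order with the first match winning, and uses Python's `re` as a stand-in for slapd's regex matching; the helper names `sasl_name` and `map_sasl_name` are hypothetical.

```python
import re

# The two sasl-regexp rules from the report, in configuration order.
RULES = [
    (r"uid=(.*),cn=(.*),cn=(.*),cn=auth",
     "associateddomain=$2+cn=$1,ou=people,o=pb"),
    (r"uid=(.*),cn=(.*),cn=auth",
     "cn=$1,ou=people,ou=admin,o=pb"),
]


def sasl_name(user, realm, mech=None):
    """Build the SASL name; mech=None models the name seen in the report's first log."""
    parts = ["uid=" + user, "cn=" + realm]
    if mech:
        parts.append("cn=" + mech)
    parts.append("cn=auth")
    return ",".join(parts)


def map_sasl_name(name, rules=RULES):
    """Return (rule_index, dn) for the first matching rule, or (None, None)."""
    for index, (pattern, template) in enumerate(rules):
        # Assumption: unanchored, case-insensitive match, as a stand-in for slapd.
        match = re.search(pattern, name, re.IGNORECASE)
        if match:
            # Expand $1..$9 in the replacement template from the captured groups.
            dn = re.sub(r"\$(\d)",
                        lambda ref: match.group(int(ref.group(1))),
                        template)
            return index, dn
    return None, None


if __name__ == "__main__":
    # Same user and realm, with and without the mech component.
    for mech in ("digest-md5", None):
        name = sasl_name("igor", "ipass.net", mech)
        print(name, "->", map_sasl_name(name))
```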